Discussion:
[Fab-user] existing SSH tunnel
Martin Enzinger
2014-10-26 19:18:42 UTC
Hi,

if a client is located behind a firewall I usually set up a reverse tunnel
between the client and a remote server and then connect via the remote
server to the client.

Is it possible to use fabric this way?

If a reverse tunnel (remote server <-> client) is initiated by the client,
can fabric somehow access the client and do its magic?

I have full access to the remote server.

Thanks, best regards
Carlos García
2014-10-27 15:48:08 UTC
Hi Martin,

if I have understood your question, that's perfectly possible, as fabric
uses SSH to access remote servers and execute tasks. So, if you create a
reverse tunnel as this:

ssh -R localhost:5555:localhost:22 your_server


You can use fabric as this on *your_server*:

fab -H localhost --port 5555 your_task

If you're using fabric from another server that has access to *your_server*,
you must configure the sshd daemon on *your_server* to allow you to create
sockets that listen for remote connections. I think it's not allowed by
default. Also, your reverse tunnel should be done like this:

ssh -R your_server:5555:localhost:22 your_server

or

ssh -R *:5555:localhost:22 your_server


And fabric command would be:

fab -H your_server --port 5555 your_task

Hope it helps!


Regards
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
--
Carlos García
Director of Operations
Tel. 695 624 167 - 902 620 100
www.stoneworksolutions.net

CONFIDENTIALITY NOTICE
This message and any documents attached to it are confidential and are
addressed exclusively to their intended recipients. If you are not one of
those recipients, please notify us of this fact and delete the message from
your system. Copying, distributing or disclosing its content to third
parties without the prior written consent of the sender is prohibited.
Otherwise, you will be in breach of current legislation
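
An added example (not from the thread or from the Fabric project): a Python model of how sshd's GatewayPorts setting and the bind address given to `ssh -R` together decide whether the forwarded port on the server listens on loopback only or on every interface. It follows the documented OpenSSH behaviour, reads only the global section of a constructed sshd_config, and the function names are hypothetical.

```python
import re

# Constructed sample: the setting the poster reports in /etc/ssh/sshd_config.
SAMPLE_SSHD_CONFIG = "# constructed sample\nGatewayPorts yes\n"

def gateway_ports(sshd_config_text):
    """Effective global GatewayPorts value (first occurrence wins, default 'no')."""
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":  # assumption: Match blocks are not evaluated here
            break
        if key == "gatewayports" and len(parts) == 2 and parts[1]:
            return parts[1].split()[0].lower()
    return "no"

def effective_bind(forward_spec, sshd_config_text):
    """Return (port, scope) for an 'ssh -R [bind_address:]port:host:hostport' spec."""
    # Split on ':' but not inside a bracketed IPv6 literal.
    fields = re.split(r":(?![^\[]*\])", forward_spec)
    if len(fields) == 3:
        bind = None  # the ssh client then asks for "localhost"
    elif len(fields) == 4:
        bind = fields[0].strip("[]")
    else:
        raise ValueError("expected [bind_address:]port:host:hostport")
    port = int(fields[-3])
    mode = gateway_ports(sshd_config_text)
    if mode == "no":   # server ignores the requested address
        return port, "loopback"
    if mode == "yes":  # server forces the wildcard address
        return port, "all interfaces"
    if mode != "clientspecified":
        raise ValueError("unknown GatewayPorts value: " + mode)
    if bind is None or bind in ("localhost", "127.0.0.1", "::1"):
        return port, "loopback"
    if bind in ("", "*", "0.0.0.0"):
        return port, "all interfaces"
    return port, bind  # a specific address on the server

if __name__ == "__main__":
    for spec in ("localhost:5555:localhost:22", "*:3333:localhost:22"):
        print(spec, "->", effective_bind(spec, SAMPLE_SSHD_CONFIG))
```

A result of "all interfaces" means any host that can reach that port on the server reaches the client's sshd through the tunnel; the loopback form, with fab run on the server itself, is the narrower exposure.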
Carlos García
2014-10-28 08:42:23 UTC
Hi Martin

Have you tried to connect directly using SSH? Looks like the tunnel is not
working. Try:

ssh -p 3333 localhost


Please, check the listen IP of sshd daemon in the client machine. If it's
not listening in localhost, you should change the tunnel command (set
*listen_ip*):

sudo ssh -R *:3333:*listen_ip*:22 ***@54.1.1.1 -i keyfile.pem -N


Regards
Hi Carlos,
I'm relieved to hear that this is feasible.
While testing option 1 I always get the same response on the remote
Error reading SSH protocol banner
Underlying exception: Error reading SSH protocol banner*
and this the local output.
*connect_to localhost port 22: failed.*
The reverse tunnel is initiated with this command on the local machine
keyfile.pem -N*
"GatewayPorts yes" in /etc/ssh/sshd_config is set.
And this is the fab command
*fab -H localhost --port 3333 tester*
Thank you for your help!